1 files changed, 138 insertions, 24 deletions
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 4b24d7d9f..e7f20854c 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -14,7 +14,6 @@ import (
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/manifest"
-	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/image"
@@ -254,7 +253,7 @@ func ImagesLoad(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	utils.WriteResponse(w, http.StatusOK, handlers.LibpodImagesLoadReport{ID: loadedImage})
+	utils.WriteResponse(w, http.StatusOK, entities.ImageLoadReport{Name: loadedImage})
 }
 
 func ImagesImport(w http.ResponseWriter, r *http.Request) {
@@ -300,9 +299,13 @@ func ImagesImport(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	utils.WriteResponse(w, http.StatusOK, handlers.LibpodImagesImportReport{ID: importedImage})
+	utils.WriteResponse(w, http.StatusOK, entities.ImageImportReport{Id: importedImage})
 }
 
+// ImagesPull is the v2 libpod endpoint for pulling images.  Note that the
+// mandatory `reference` must be a reference to a registry (i.e., of docker
+// transport or be normalized to one).  Other transports are rejected as they
+// do not make sense in a remote context.
 func ImagesPull(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value("runtime").(*libpod.Runtime)
 	decoder := r.Context().Value("decoder").(*schema.Decoder)
@@ -327,36 +330,27 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
 		utils.InternalServerError(w, errors.New("reference parameter cannot be empty"))
 		return
 	}
-	// Enforce the docker transport.  This is just a precaution as some callers
-	// might accustomed to using the "transport:reference" notation.  Using
-	// another than the "docker://" transport does not really make sense for a
-	// remote case. For loading tarballs, the load and import endpoints should
-	// be used.
-	imageRef, err := alltransports.ParseImageName(query.Reference)
-	if err == nil && imageRef.Transport().Name() != docker.Transport.Name() {
+
+	imageRef, err := utils.ParseDockerReference(query.Reference)
+	if err != nil {
 		utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
-			errors.Errorf("reference %q must be a docker reference", query.Reference))
+			errors.Wrapf(err, "image destination %q is not a docker-transport reference", query.Reference))
 		return
-	} else if err != nil {
-		origErr := err
-		imageRef, err = alltransports.ParseImageName(fmt.Sprintf("%s://%s", docker.Transport.Name(), query.Reference))
-		if err != nil {
-			utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
-				errors.Wrapf(origErr, "reference %q must be a docker reference", query.Reference))
-			return
-		}
 	}
 
+	// Trim the docker-transport prefix.
+	rawImage := strings.TrimPrefix(query.Reference, fmt.Sprintf("%s://", docker.Transport.Name()))
+
 	// all-tags doesn't work with a tagged reference, so let's check early
-	namedRef, err := reference.Parse(query.Reference)
+	namedRef, err := reference.Parse(rawImage)
 	if err != nil {
 		utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
-			errors.Wrapf(err, "error parsing reference %q", query.Reference))
+			errors.Wrapf(err, "error parsing reference %q", rawImage))
 		return
 	}
 	if _, isTagged := namedRef.(reference.Tagged); isTagged && query.AllTags {
 		utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
-			errors.Errorf("reference %q must not have a tag for all-tags", query.Reference))
+			errors.Errorf("reference %q must not have a tag for all-tags", rawImage))
 		return
 	}
 
@@ -377,7 +371,7 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
 		OSChoice:            query.OverrideOS,
 		ArchitectureChoice:  query.OverrideArch,
 	}
-	if query.TLSVerify {
+	if _, found := r.URL.Query()["tlsVerify"]; found {
 		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
 	}
 
@@ -400,13 +394,19 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	authfile := ""
+	if sys := runtime.SystemContext(); sys != nil {
+		dockerRegistryOptions.DockerCertPath = sys.DockerCertPath
+		authfile = sys.AuthFilePath
+	}
+
 	// Finally pull the images
 	for _, img := range imagesToPull {
 		newImage, err := runtime.ImageRuntime().New(
 			context.Background(),
 			img,
 			"",
-			"",
+			authfile,
 			os.Stderr,
 			&dockerRegistryOptions,
 			image.SigningOptions{},
@@ -422,6 +422,94 @@ func ImagesPull(w http.ResponseWriter, r *http.Request) {
 	utils.WriteResponse(w, http.StatusOK, res)
 }
 
+// PushImage is the handler for the compat http endpoint for pushing images.
+func PushImage(w http.ResponseWriter, r *http.Request) {
+	decoder := r.Context().Value("decoder").(*schema.Decoder)
+	runtime := r.Context().Value("runtime").(*libpod.Runtime)
+
+	query := struct {
+		Credentials string `schema:"credentials"`
+		Destination string `schema:"destination"`
+		TLSVerify   bool   `schema:"tlsVerify"`
+	}{
+		// This is where you can override the golang default value for one of fields
+	}
+
+	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+		utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "Failed to parse parameters for %s", r.URL.String()))
+		return
+	}
+
+	source := strings.TrimSuffix(utils.GetName(r), "/push") // GetName returns the entire path
+	if _, err := utils.ParseStorageReference(source); err != nil {
+		utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
+			errors.Wrapf(err, "image source %q is not a containers-storage-transport reference", source))
+		return
+	}
+
+	destination := query.Destination
+	if destination == "" {
+		destination = source
+	}
+
+	if _, err := utils.ParseDockerReference(destination); err != nil {
+		utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
+			errors.Wrapf(err, "image destination %q is not a docker-transport reference", destination))
+		return
+	}
+
+	newImage, err := runtime.ImageRuntime().NewFromLocal(source)
+	if err != nil {
+		utils.ImageNotFound(w, source, errors.Wrapf(err, "Failed to find image %s", source))
+		return
+	}
+
+	var registryCreds *types.DockerAuthConfig
+	if len(query.Credentials) != 0 {
+		creds, err := util.ParseRegistryCreds(query.Credentials)
+		if err != nil {
+			utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest,
+				errors.Wrapf(err, "error parsing credentials %q", query.Credentials))
+			return
+		}
+		registryCreds = creds
+	}
+
+	// TODO: the X-Registry-Auth header is not checked yet here nor in any other
+	// endpoint. Pushing does NOT work with authentication at the moment.
+	dockerRegistryOptions := &image.DockerRegistryOptions{
+		DockerRegistryCreds: registryCreds,
+	}
+	authfile := ""
+	if sys := runtime.SystemContext(); sys != nil {
+		dockerRegistryOptions.DockerCertPath = sys.DockerCertPath
+		authfile = sys.AuthFilePath
+	}
+	if _, found := r.URL.Query()["tlsVerify"]; found {
+		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
+	}
+
+	err = newImage.PushImageToHeuristicDestination(
+		context.Background(),
+		destination,
+		"", // manifest type
+		authfile,
+		"", // digest file
+		"", // signature policy
+		os.Stderr,
+		false, // force compression
+		image.SigningOptions{},
+		dockerRegistryOptions,
+		nil, // additional tags
+	)
+	if err != nil {
+		utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "Error pushing image %q", destination))
+		return
+	}
+
+	utils.WriteResponse(w, http.StatusOK, "")
+}
+
 func CommitContainer(w http.ResponseWriter, r *http.Request) {
 	var (
 		destImage string
@@ -502,3 +590,29 @@ func CommitContainer(w http.ResponseWriter, r *http.Request) {
 	}
 	utils.WriteResponse(w, http.StatusOK, handlers.IDResponse{ID: commitImage.ID()}) // nolint
 }
+
+func UntagImage(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value("runtime").(*libpod.Runtime)
+
+	name := utils.GetName(r)
+	newImage, err := runtime.ImageRuntime().NewFromLocal(name)
+	if err != nil {
+		utils.ImageNotFound(w, name, errors.Wrapf(err, "Failed to find image %s", name))
+		return
+	}
+	tag := "latest"
+	if len(r.Form.Get("tag")) > 0 {
+		tag = r.Form.Get("tag")
+	}
+	if len(r.Form.Get("repo")) < 1 {
+		utils.Error(w, "repo tag is required", http.StatusBadRequest, errors.New("repo parameter is required to tag an image"))
+		return
+	}
+	repo := r.Form.Get("repo")
+	tagName := fmt.Sprintf("%s:%s", repo, tag)
+	if err := newImage.UntagImage(tagName); err != nil {
+		utils.Error(w, "failed to untag", http.StatusInternalServerError, err)
+		return
+	}
+	utils.WriteResponse(w, http.StatusCreated, "")
+}